PATENTS 
112025-0489 
CPOL# 139761 Seq.#4885 



IN THE CLAIMS: 

1 1. (CANCELLED) 

1 2. (CURRENLTY AMENDED) The method of claim 4-_4 wherein the step of generating 

2 a super class comprises the step of: 

3 saving class information associated with each class. 

1 3. (CURRENTLY AMENDED) The method of claim 2 whoroin the class informa 

2 tion includ es for e ach class: A method for generating lookup tables and a final equiva- 

3 lence set for use in classifying a network packet in accordance with a policy that specifies 

4 one or more classes, each class containing one or more match statements, the match 

5 statements being one of a stand-alone matching rule and a matching rule in an access 

6 control list (ACL) defining one or more matching rules, the method comprising the steps 

7 of: 

8 generating a super class that contains all of the matching rules associated with the 

9 classes specified by the policy and that contains for each class a class name that identifies 

10 the class^a class criterion associated with the classy and a bitmap representing the 

1 1 matching rules associated with the classy 

12 converting the matching rules of the super class into a single, hierarchical ar- 

13 rangement of lookup tables and associated equivalence sets, the hierarchical arrangement 
H having a plurality of levels including a first level and a final level, the final equivalence 
15 set being associated with the final level. 

1 4. (CURRENTLY AMENDED) The m e thod of claim 1 wherein the n e twork pack e t 

2 is organiz e d into a plurality of s e ctions and th e st e p of conv e rting compris e s th e st e ps of: 

3 A method for generating lookup tables and a final equivalence set for use in classifying a 

4 network packet in accordance with a policy that specifies one or more classes, each class 
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5 containing one or more match statements, the match statements being one of a stand- 

6 alone matching rule and a matching rule in an access control list (ACL) defining one or 

7 more matching rules, the method comprising the steps of: 

8 generating a super class that contains all of the matching rules associated with the 

9 classes specified by the policy; and 

10 converting the matching rules of the super class into a single, hierarchical ar- 

n rangement of lookup tables and associated equivalence sets, the hierarchical arrangement 

12 having a plurality of levels including a first level and a final level; 

13 generating a first-level lookup table and a first-level equivalence set for e ach a 

14 network packet section using the matching rules of the super class; 

15 merging the first-level equivalence sets to produce one or more next-level lookup 

16 tables and next-level equivalence sets; and 

n merging the equivalence sets for each level to produce one or more next-level 

is lookup tables and next-level equivalence sets until the-ajookup table and equivalence set 

19 associated with final level is produced. 

1 5. (ORIGINAL) The method of claim 4 wherein each network packet section is associ- 

2 ated with a value and the step of generating the first-level lookup tables and first-level 

3 equivalence sets comprises the steps of: 

4 creating a bitmap that represents the matching rules associated with a respective 

5 network packet section's value; 

6 determining if the bitmap matches an entry in the first-level equivalence set and, 

7 if so, assigning an equivalence set index value associated with the matching entry to the 

8 bitmap, otherwise, assigning a new equivalence set index value to the bitmap and placing 

9 the bitmap in the equivalence set; and 

10 associating the equivalence set index value with the first-level lookup table entry 
n associated with the respective network packet section's value. 
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1 6. (ORIGINAL) The method of claim 4 wherein the step of merging the equivalence sets 

2 for each level to produce one or more next-level lookup tables and next-level equivalence 

3 sets, comprises the steps of: 

4 a) calculating the cross-product of a first bitmap associated with a first equiva- 

5 lence set and a second bitmap associated with a second equivalence set to produce a third 

6 bitmap; 

7 b) determining if the third bitmap matches an entry in the next-level equivalence 

8 set and, if so, assigning an equivalence set index value associated with the matching entry 

9 to the third bitmap, otherwise, assigning a new equivalence set index value to the third 

10 bitmap and placing the third bitmap in the equivalence set; 

i i c) associating a next-level lookup table entry with the equivalence set index value; 

12 and 

13 d) repeating steps a through c for all entries in the first equivalence set and all the 

14 entries in the second equivalence set. 

1 7. (CURRENLTY AMENDED) The method of claim ± A further comprising the step of: 

2 associating each entry in the final equivalence set with one or more classes. 

1 8. (CURRENLTY AMENDED) The method of claim ±4 further comprising the step of: 

2 transferring the lookup tables and final equivalence set to a network device that 



3 performs packet classification. 

1 9. (ORIGINAL) A method for generating lookup tables, a final equivalence set and a 

2 results table for use in classifying a network packet in accordance with one or more 

3 match statements, the match statements being one of a stand-alone matching rule and a 

4 matching rule in an access control list (ACL) defining one or more matching rules, the 

5 method comprising the steps of: 

6 generating a super class that contains all of the matching rules; 
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7 converting the matching rules of the super class into a single, hierarchical ar- 

8 rangement of lookup tables and equivalence sets, the hierarchical arrangement having a 

9 plurality of levels including a first level and a final level, the final equivalence set being 

10 associated with the equivalence set of the final level; and 

i i generating the results table from the entries in the final equivalence set. 

1 10. (ORIGINAL) The method of claim 9 wherein each entry in the final equivalence set 

2 is associated with an equivalence set index value and the step of generating the results 

3 table from the entries in the final equivalence set, comprises the step of: 

4 associating the equivalence set index value with a result associated with the 

5 packet. 

1 11. (ORIGINAL) The method of claim 9 further comprising the step of: 

2 transferring the lookup tables and final equivalence set to a network device that 



3 performs packet classification, 
i 12. (CANCELLED) 
i 13. (CANCELLED) 



1 14. (ORIGINAL) A method for classifying a network packet in accordance with one 

2 or more match statements, the match statements being one of a stand-alone matching rule 

3 and a matching rule in an access control list (ACL) defining a plurality of matching rules, 

4 the method comprising the steps of: 

5 generating a super class that contains all of the matching rules; 

6 converting the matching rules of the super class into a single, hierarchical ar- 

7 rangement of lookup tables, the hierarchical arrangement having a plurality of levels in- 

8 eluding a first level and a final level, a final equivalence set being associated with the fi- 

9 nal level; 
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10 generating a results table from entries in the final equivalence set; 

n applying the network packet to the lookup tables to generate an outcome index; 

12 and 

13 applying the outcome index to the results table to determine a result that applies to 

14 the network packet. 

i 15. (ORIGINAL) The method of claim 14 wherein the result is a pointer to a class 



2 associated with the network packet. 

1 1 6. (ORIGINAL) The method of claim 1 4 wherein the result is a pointer to a match- 

2 ing rule associated with the network packet. 

1 17. (ORIGINAL) The method of claim 14 further comprising the step of: 

2 dividing the network packet into a plurality of sections. 

i 18-22. (CANCELLED) 

1 23. (ORIGINAL) A network device for classifying a network packet in accordance 

2 with one or more match statements, the match statements being one of a stand-alone 

3 matching rule and a matching rule in an access control list (ACL) defining a plurality of 

4 matching rules, the network device comprising: 



5 means for generating a super class that contains all of the matching rules; 

6 means for converting the matching rules of the super class into a single, hierarchi- 

7 cal arrangement of lookup tables and equivalence sets, the hierarchical arrangement hav- 

8 ing a plurality of levels including a first level and a final level, a final equivalence set be- 

9 ing associated with the final level; 

10 means for generating a results table from entries in the final equivalence set; 

i i means for applying the network packet to the lookup tables associated with the 

12 first level to generate an outcome index; and 
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means for applying the outcome index to the results table to determine a result 
that applies to the network packet. 

24-27. (CANCELLED) 

28. (CURRENTLY AMENDED) A method for generating lookup tables, the method 
comprising the steps of: 

generating a super class that contains a plurality of matching rules for sorting in- 
coming packets into classes; 

converting the plurality of matching rules of the super class into a single, hierar- 
chical arrangement of lookup tables and equivalence sets; and 

generating the -a final lookup table in response to the hierarchical arrangement of 
lookup tables and equivalence sets. 

29. (CURRENTLY AMENDED) The method of claim 28 further comprising the step of: 

transferring the lookup tables and the final-equivalence sets to a network device 
that performs packet classification. 

30. (CURRENTLY AMENDED) An apparatus for generating lookup tables, comprising: 

means for generating a super class that contains a plurality of matching rules for 
sorting incoming packets into classes; 

means for converting the plurality of matching rules of the super class into a sin- 
gle, hierarchical arrangement of lookup tables and equivalence sets; and 

means for generating the -a final lookup table in response to the hierarchical ar- 
rangement of lookup tables and equivalence sets. 

31. (CURRENTLY AMENDED) The apparatus claim 30 further comprising: 

means for transferring the lookup tables and the final-equivalence sets to a net- 
work device that performs packet classification. 
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1 32. (CURRENTLY AMENDED) A system for generating lookup tables, comprising: 

2 a processor configured to generate a super class that contains a plurality of match- 

3 ing rules for sorting incoming packets into classes; 

4 the processor further configured to convert the plurality of matching rules of the 

5 super class into a single, hierarchical arrangement of lookup tables and equivalence sets; 

6 the processor further configured to generate ihe -a final lookup table in response to 

7 the hierarchical arrangement of lookup tables and equivalence sets; and 

8 a memory coupled to the processor, the memory configured to store the final 

9 lookup table. 

1 33. (CURRENTLY AMENDED) A computer readable media comprising: 

2 the computer readable media containing computer executable instructions for 

3 execution in a processor for the practice of generating lookup tables, comprising, 

4 generating a super class that contains a plurality of matching rules for sorting in- 

5 coming packets into classes; 

6 converting the plurality of matching rules of the super class into a single, hierar- 

7 chical arrangement of lookup tables and equivalence sets; and 

8 generating the-a final lookup table in response to the hierarchical arrangement of 



9 lookup tables and equivalence sets. 

1 34. (NEW) An apparatus for generating lookup tables, a final equivalence set and a re- 

2 suits table for use in classifying a network packet in accordance with one or more match 

3 statements, the match statements being one of a stand-alone matching rule and a match- 

4 ing rule in an access control list (ACL) defining a plurality of matching rules, compris- 

5 ing: 

6 a processor; 

7 a memory coupled to the processor; and 

8 means for generating a super class that contains all of the matching rules; 
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whereby the processor is configured to a) convert the matching rules of the super 
class into a single, hierarchical arrangement of lookup tables and equivalence sets, the 
hierarchical arrangement having a plurality of levels including a first level and a final 
level, the final equivalence set being associated with the final level, b) place the lookup 
tables and final equivalence set in the memory, and c) generate the results table from en- 
tries in the final equivalence set. 

35. (NEW) The apparatus of claim 34 further comprising: 

a content-addressable memory (CAM); 

whereby the processor is configured to place the lookup tables in the CAM. 

36. (NEW) A computer readable media containing computer executable instructions for 
execution in a processor for generating lookup tables, a final equivalence set and a results 
table for use in classifying a network packet in accordance with one or more match 
statements, the match statements being one of a stand-alone matching rule and a match- 
ing rule in an access control list (ACL) defining one or more matching rules, the instruc- 
tions adapted for: 

generating a super class that contains all of the matching rules; 

converting the matching rules of the super class into a single, hierarchical ar- 
rangement of lookup tables and equivalence sets, the hierarchical arrangement having a 
plurality of levels including a first level and a final level, the final equivalence set being 
associated with the equivalence set of the final level; and 

generating the results table from the entries in the final equivalence set. 

37. (NEW) A computer readable media containing computer executable instructions for 
execution in a processor for classifying a network packet in accordance with one or more 
match statements, the match statements being one of a stand-alone matching rule and a 
matching rule in an access control list (ACL) defining a plurality of matching rules, the 
instructions adapted for: 
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generating a super class that contains all of the matching rules; 

converting the matching rules of the super class into a single, hierarchical ar- 
rangement of lookup tables, the hierarchical arrangement having a plurality of levels in- 
cluding a first level and a final level, a final equivalence set being associated with the fi- 
nal level; 

generating a results table from entries in the final equivalence set; 

applying the network packet to the lookup tables to generate an outcome index; 

and 

applying the outcome index to the results table to determine a result that applies to 
the network packet. 
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